I have a question when searching for string in memory.
stringToPattern,hexStringToPattern(aobscan)
Which of these two methods is faster?
And modulePatternScan, addressPatternScan
I wonder what these are.
English is very awkward. Please acknowledge it beforehand.
classmemory aobscan&stringscan Topic is solved
-
- Posts: 147
- Joined: 05 Nov 2016, 22:42
Re: classmemory aobscan&stringscan Topic is solved
I acknowledge that English is very awkward.
Just to be clear - stringToPattern() and hexStringToPattern() DO NOT search memory - they return a special pattern which you can then pass to one of the ....patternScan() methods to perform the actual scan.
stringToPattern() is less versatile/useful than hexStringToPattern(). It only allows you to generate patterns from text strings, and it doesn't allow for wildcard bytes/values.
Generally you only use it when searching for exact string matches, as it's a little simpler than using hexStringToPattern() as this would require you to convert the text string into its hex form.
Generally speaking, you will use either modulePatternScan(module := "", aAOBPattern*) or processPatternScan(startAddress := 0, endAddress := "", aAOBPattern*).
Which one you use depends on the situation and personal preference. If the pattern you are searching for represents asm (assembly language) in a specific module then you typically use modulePatternScan(). If the pattern represents something stored in the heap (or if modulePatternScan() doesn't seem to work), then you would use processPatternScan().
Hope that helps.
I'm not sure, you would need to test it.stringToPattern,hexStringToPattern(hexString)
Which of these two methods is faster?
Just to be clear - stringToPattern() and hexStringToPattern() DO NOT search memory - they return a special pattern which you can then pass to one of the ....patternScan() methods to perform the actual scan.
stringToPattern() is less versatile/useful than hexStringToPattern(). It only allows you to generate patterns from text strings, and it doesn't allow for wildcard bytes/values.
Generally you only use it when searching for exact string matches, as it's a little simpler than using hexStringToPattern() as this would require you to convert the text string into its hex form.
Ignore addressPatternScan() - it's useless for most people. The ....PatternScan() methods perform the pattern scans on the target process.And modulePatternScan, addressPatternScan
I wonder what these are.
Generally speaking, you will use either modulePatternScan(module := "", aAOBPattern*) or processPatternScan(startAddress := 0, endAddress := "", aAOBPattern*).
Which one you use depends on the situation and personal preference. If the pattern you are searching for represents asm (assembly language) in a specific module then you typically use modulePatternScan(). If the pattern represents something stored in the heap (or if modulePatternScan() doesn't seem to work), then you would use processPatternScan().
Hope that helps.
-
- Posts: 147
- Joined: 05 Nov 2016, 22:42
Re: classmemory aobscan&stringscan
RHCP wrote:I acknowledge that English is very awkward.
I'm not sure, you would need to test it.stringToPattern,hexStringToPattern(hexString)
Which of these two methods is faster?
Just to be clear - stringToPattern() and hexStringToPattern() DO NOT search memory - they return a special pattern which you can then pass to one of the ....patternScan() methods to perform the actual scan.
stringToPattern() is less versatile/useful than hexStringToPattern(). It only allows you to generate patterns from text strings, and it doesn't allow for wildcard bytes/values.
Generally you only use it when searching for exact string matches, as it's a little simpler than using hexStringToPattern() as this would require you to convert the text string into its hex form.
Ignore addressPatternScan() - it's useless for most people. The ....PatternScan() methods perform the pattern scans on the target process.And modulePatternScan, addressPatternScan
I wonder what these are.
Generally speaking, you will use either modulePatternScan(module := "", aAOBPattern*) or processPatternScan(startAddress := 0, endAddress := "", aAOBPattern*).
Which one you use depends on the situation and personal preference. If the pattern you are searching for represents asm (assembly language) in a specific module then you typically use modulePatternScan(). If the pattern represents something stored in the heap (or if modulePatternScan() doesn't seem to work), then you would use processPatternScan().
Hope that helps.
understand. You gave me a good explanation. thank you
There was no difference in speed when testing the whole memory.
Who is online
Users browsing this forum: mikeyww, prototype_zero, w_i_k_i_d and 325 guests